For DSA, the order of magnitude seems right to me. But for RSA and $e=65537=2^{16}+1$, that's 16 squares and 1 multiplication $\bmod n$; not 4 squares and 2 multiplications.
–
fgrieuMay 27 '13 at 16:55

@fgrieu: Yes, you are right. The reason the number of multiplications was one off, is because most algorithms also include a multiplication by one, which obviously might be optimized away.
–
Henrick HellströmMay 28 '13 at 7:20

A quick follow up, is there a big difference in authentication and verification complexity between RSA with a 1024 modulus and a 2048 modulus?
–
11d060a946665fb769d865f4bbb48cJun 6 '13 at 9:00

@SanderDemeester: That depends on both software and hardware. If you use a schoolbook implementation on hardware with a normal word size (such as 32 or 64), you should expect the private key operation to be up to 8 times slower, and the public key operation to be 4 times slower, if you increase the modulus by a factor of 2. The actual difference might be both greater and smaller, depending on things such as which algorithm is used, the CPU cache etc.
–
Henrick HellströmJun 6 '13 at 9:20